On Sep 10, 2009, at 4:08 AM, André Loddenkemper wrote:
The problem is: Wireshark just recognizes those packets as "UDP" and
not as "RTP" as it should be.
By default, Wireshark only recognizes RTP packets if some previous
packets set up an RTP session.
In the protocol preferences for RTP (Edit -> Preferences, and select
RTP under Protocols), there's a "Try to decode RTP outside of
conversations" preference; if you turn it on, the RTP dissector will
look at otherwise-undecoded UDP packets and see whether they look
enough like RTP packets, in its opinion, to treat them as RTP packets.
The heuristic it uses is a bit weak (I'm not sure there are any
stronger ones), so it's not on by default, as it might mis-identify
traffic as RTP that's not RTP traffic.